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1. A method for providing a user device with a set of access 
codes, the method comprising: 

in the user device, storing an encryption key and an 
5 identification code, and sending a message containing the 
identification code to a server via a communications network; 

in the server, storing an encryption key corresponding to 
the key stored in the user device, allocating the set of 
access codes on receipt of the identification code from the 
10 user device, performing a look up function based on the 

identification code received in the message to retrieve the 
key from storage, encrypting the set of access codes using the 
retrieved key to produce an encrypted set, and sending a 
message containing the encrypted set to the user device via 
15 the network; and. 



received from the server using the key in storage, and storing 
the decrypted set of access codes for use by a user of the 
user device. 

20 2. A method as claimed in claim 1, further comprising: 

in the server, generating a new key, encrypting the new 
key with the previous key, and sending a message containing 
the encrypted new key to the user device via the network; and. 



25 the server using the previous key, and storing the decrypted 
new key in place of the previous key. 

3. A method as claimed in claim 2, further comprising: 

in the server, encrypting a new set of access codes with 

the new key to produce a new key encrypted set, and sending a 
30 message containing the new key encrypted set to the user 

device via the network; and, 

in the user device, decrypting the new key encrypted set 

using the new key, and storing the decrypted new set for use 

by a user of the user device. 



in the user device, decrypting the encrypted set 



in the user device, decrypting the new key received from 
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4. A method as claimed in claim 1, further comprising: in 
the server, sending a message containing a new set of access 
codes to the user device via the network; and, in the user 
device, storing the new set for use by a user of the user 

5 device . 

5. A method as claimed in claim 4, further comprising: in 
the user device, tracking the access codes used by the user, 
generating a request in response to the number of unused 
access codes reaching a predetermined threshold, and sending a 

10 message containing the request to the server; and, in the 
server, sending the message containing the new set of access 
codes on receipt of the request. 

6. A method as claimed in claim 4, further comprising: in 
the server, tracking the access codes used by the user, and 

15 sending the message containing the new set of access codes to 
the user device in response to the number of unused access 
codes reaching a predetermined threshold. 

7. A method as claimed in claim 4, further comprising: in 
the user device, generating a request in response to a manual 

20 input from the user, and sending a message containing the 

request to the server; and, in the server, sending the message 
containing the new set of access codes on receipt of the 
request. 

8. A method as claimed in claim 1, further comprising: 

25 in the user device, generating a public /private key pair, 

and sending a message containing the public key of the pair to 
the server via the network; 

in the server, generating a session key, encrypting the 
set of access codes with the session key to produce a session 

30 key encrypted set, encrypting the session key with the public 
key to produce an encrypted session key, sending a message 
containing the session key encrypted set and the encrypted 
session key to the user device via the network; and. 
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in the user device, decrypting the encrypted sessioi^^^y34 AMD 
with the private key of the pair to recover the session key, 
decrypting the session key encrypted set with the recovered 
session key to recover the set, and storing the decrypted set 
5 for use by a user of the user device. 

9. A method for providing a user device with a set of access 
codes, the method comprising, in the user device: 

storing an enciryption key and an identification code; 
10 sending a message containing the identification code to a 

server via a communications network; 

receiving from the server a message containing the set of 
access codes encrypted with the key; 

decrypting the received set of access codes using the key 
15 in storage; and, 

storing the decrypted set of access codes for use by a 
user of the user device. 



10. A method as claimed in claim 9, further comprising, in 

the user device: 

20 decrypting a new key received from the server using the 

previous key; and, 

storing the decrypted new key in place of the previous 

key. 

11. A method as claimed in claim 10, further comprising, in 
25 the user device: 

receiving from the server a message containing a new key 
encrypted set of access codes via the network; 

decrypting the new key encrypted set using the new key; 

and, 

30 storing the decrypted new set for use by a user of the 

user device. 

12. A method as claimed in claim 9, comprising, in the user 
device : 

generating a public /private key pair; 
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sending a message containing the piiblic key of the pair 

to the server via the networks- 
receiving a message containing a session key encrypted 

set of access codes and a public key encrypted session key 
5 from the server via the networks- 
decrypting the public key encrypted session key with the 

private key of the pair to recover a session key encrypted' set 

and a corresponding session key; 

decrypting the session key encrypted ret with the 
10 recovered session key to recover the set; and, 

storing the decrypted set for use by a user of the user- 

device • 

13 . A computer program element comprising computer program 
code mean when loaded in a processor of a user device, 

15 configures the processor to perform a method as claimed in any 
of claims 9 to 12 . 

14. A method for providing a user device with a set of access 
codes, the method comprising, in a server for communicating 
with the user device via a network: 

20 storing an encryption key corresponding to an encryption 

key stored in the user devices- 
allocating the set of access codes to the user device on 
receipt of a message containing an identification code from 
the user device via the network; 
25 performing a look up function based on the identification 

code received in the message to retrieve the key from storage ; 

encrypting the set of access codes using the retrieved 
key to produce an encrypted set; and, 

sending a message containing the encrypted set to the 
30 user device via the network. 

15. ' A method as claimed in claim 14, further comprising, in 
the server: 

generating a new key, encrypting the new key with the 
previous key; and. 
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sending a message containing the encrypted new key to the 
user device via the network; and, 

16. A method as claimed in a claim 15, further comprising, in 
the server: 

5 encrypting a new set of access codes with the new key to 

produce a new key encrypted set; and, 

sending a message containing the new key encrypted set to 
the user device via the network. 

17. A method as claimed in claim 14, further comprising, in 
10 the server: 

receiving a message containing a public key of a 
public/private key pair from the user device; 
generating a session key; 

encrypting the set of access codes with the session key 
15 to produce a session key encrypted set; 

encrypting the session key with the public key to produce 
a public key encrypted session key; and, 

sending a message containing the session key encrypted 
set and the public key encrypted session key to the user 
20 device via the network. 

18. A computer program element comprising computer program 
code means when loaded in a processor of a server computer 
system, configures the processor to perform a method as 
claimed in any of claims 14 to 17. 

25 19 . A method as claimed in any preceding claim, wherein the 
access codes are one time authentication codes. 

20. A method as claimed in any preceding claim, wherein the 
network comprises a wireless communication network. 



21. A method as claimed in claim 20, wherein the user device 
30 comprises a. mobile phone. 
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22. A method as claimed in claim 20, wherein the user device 
comprises a personal digital assistant, 

23. A method as claimed in claim 21 or 22, wherein the user 
device comprises a smart card. 

5 24. A method as claimed in claim 20, wherein the messages are 
SMS messages. 

25. Apparatus for providing a user with a set of access codes, 
the apparatus comprising: a user device; and, server for 
commiinicating with the user device via a communications 

10 network; the user device comprising means for storing an 
encryption key and an identification code, and means for 
sending a message containing the identification code to the 
server via the network; the server comprising means for 
storing an encryption key corresponding to the key stored in 

15 the user device, means for allocating the set of access codes 
on receipt of the identification code from the user device, 
means for performing a look up function based on the 
identification code received in the message to retrieve the 
key from storage, means for encrypting the set of access codes 

20 using the retrieved key to produce an enc2rypted set, and means 
for sending a message containing the encrypted set to the user 
device via the network; and, the user device further 
comprising means for decrypting the encrypted set received 
from the server using the key stored in the user device, and 

25 means for storing the decrypted set of access codes for use by 
the user. 



26. Apparatus as claimed in claim 25, wherein the server 
further comprises means for generating a new key, means for 
encrypting the new key with the previous key, and means for 
30 sending a message containing the encrypted new key to the user 
device via the network, and wherein the user device further 
comprises means for decrypting the new key received from the 
server using the previous key, and means for storing the 
decrypted new key in place of the previous key . 
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27. Apparatus as claimed in claim 26, wherein the server 
further comprises means for encrypting a new set of access 
codes with the new key to produce a new key encrypted set; and 
means for sending a message containing the new key encrypted 

5 set to the user device via the network, and wherein the user 
device further comprises means for decrypting the new key 
encrypted set using the new key, and means for storing the 
decrypted new set for use by a user of the user device. 

28. Apparatus as claimed in claim 25, further comprising: in 
10 the server, means for sending a message containing a new set 

of access codes to the user device via the network; and, in 
the user device, means for storing the new set for use by a 
user of the user device. 

29. Apparatus as claimed in claim 28, further comprising: in 
15 the user device, means for tracking the access codes used by 

the user, means for generating a request in response to the 
number of lonused access codes reaching a predetermined 
threshold, and means for sending a message containing the 
request to the server; and, in the server, means for sending 
20 the message containing the new set of access codes on receipt 
of the request . 

30. Apparatus as claimed in claim 28, further comprising: in 
the server, means for tracking the access codes used by the 
user, and means for sending the message containing the new set 

25 of access codes to the user device in response to the niomber 
of unused access codes reaching a predetermined threshold. 

31. Apparatus as claimed in claim 28, further comprising: in 
the user device, generating a request in response to a manual 
input from the user, and sending a message containing the 

30 request to the server; and, in the server, sending the message 
containing the new set of access codes on receipt of the 
request. 
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32. Apparatus as claimed in claim 25, wherein the user device 
further comprises means for generating a piiblic /private key 
pair and means for sending a message containing the public key 
of the pair to the server via the network; wherein the server 
5 further comprises means for generating a session key, means 
for encrypting the set of access codes with the session key to 
produce a session key encrypted set, means for encrypting the 
session key with the public key to produce a public key 
encrypted session key, and means for sending a message 

10 containing the session key encrypted set and the public key 
encrypted session key to the user device via the network; and, 
wherein the user device further comprises means for decrypting 
the public key encrypted session key with the private key of 
the pair to recover the session key, means for decrypting the 

15 session key encrypted set with the recovered session key to 
recover the set, and means for storing the decrypted set for 
use by a user of the user device . 

33. Apparatus as claimed in any of claims 25 to 32, wherein 
the access codes are one time authentication codes. 

20 34. Apparatus as claimed in any of claims 25 to 32, wherein 
the network comprises a wireless communication network. 

35.. Apparatus as claimed in claim 34, wherein the user device 
comprises a mobile phone. 

36. Apparatus as claimed in claim 34, wherein the user device 
25 comprises a personal digital assistant. 

37. Apparatus as claimed in claim 34, wherein the user device 
comprises a smart card. 



38. Apparatus as claimed in claim 34, wherein the messages 
are SMS messages. 

30 
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39. A user device for receiving a set of access codes from a 
server via a communications network, the device comprising: 
means for storing an encryption key and an identification 
code; means for sending a message containing the 

5 identification code to a server via a communications network; 
means for receiving from the server a message containing the 
set of access codes encrypted with the key; means for 
decrypting the received set of access codes using the key in 
storage; and, means for storing the decrypted set of access 
10 codes for use by a user of the user device. 

40. A user device as claimed in claim 39, further comprising: 
means for decrypting a new key received from the server using 
the previous key; and, means for storing the decrypted new key 
in place of the previous key. 

15 41. A user device as claimed in claim 40, further comprising: 
means for receiving from the server a message containing a new 
key encrypted set of access codes via the network; means for 
decrypting the new key encrypted set using the new key; and, 
means for storing the decrypted new set for use by a user of 

20 the user device. 

42. A user device as claimed in claim 39, further comprising: 
means for generating a public /private key pair; means for 
sending a message containing the public key of the pair to the 
server via the network; means for receiving a message 

25 containing a session key encrypted set of access codes and a 
public key encrypted session key from the server via the 
network; means for decrypting the public key encrypted session 
key with the private key of the pair to recover the session 
key; means for decrypting the session key encrypted set with 

30 the recovered session key to recover the set; and, means for 
storing the decrypted set for use by a user of the user 
device . 
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43. A server for providing a user device with a set of access 
codes via a communications network, the server comprising: 
means for storing an encryption key corresponding to an 
encryption key stored in the user device; means for allocating 

5 the set of access codes to the user device on receipt of a 
message containing an identification code from the user device 
via the network; means for performing a look up function based 
on the identification code received in the message to retrieve 
the key frc^m storage; means for encrypting the set of access 
10 codes using the retrieved key to produce an encrypted set; 
and, means for sending a message containing the encrypted set 
to the user device via the network. 

44. A server as claimed in claim 43, further comprising: 
means for generating a new key, encrypting the new key with 

15 the previous key; and, means for sending a message containing 
the encrypted new key to the user device via the network; and, 

45. A server as claimed in a claim 44, further comprising: 
means for encrypting a new set of access codes with the new 
key to produce a new key encrypted set; and, means for sending 

20 a message containing the new key encrypted set to the user 
device via the network. 

46. A server as claimed in claim 43, further comprising: 
means for receiving a message containing a public key of a 
public /private key pair from the user device; means for 

25 generating a session key; means for encarypting the set of 
access codes with the session key to produce a session key 
encrypted set; means for encar/pting the session key with the 
public key to produce a public key encrypted session key; and, 
means for sending a message containing the session key 

30 encrypted set and the public key encrypted session key to the 
user device via the network. 



